CLAIMS 



What is claimed is: 

1 . A method for performing network address translations for a session in a 
network, the network including at least one local network domain, the local network domain 
including at least one computer system, each of the at least one computer system having a 
local address and being associated with a global address, the session exchanging a plurality 
of packets that travel to and from a second at least one computer system within the network, 
each of the second at least one computer system being connected to the network outside of 
the local network domain, each of the plurality of packets including source information and 
destination information, the method comprising the steps of: 

(a) searching a global address table for a match of a key for each of the plurality 
of packets to determine a direction of travel for each of the plurality of packets, the key 
being provided using a portion of the destination information, the global address table 
including at least one entry, each of the at least one entry corresponding to the global address 
for a first corresponding computer system; and 

(b) asymmetrically translating the source information and destination information 
for each of the plurality of packets using an address translation table or session table based 
on a direction the packet is traveling, the address translation table including at least one 
entry, each of the at least one entry corresponding to the local address for a first at least one 
computer system within the at least one local network domain of the network, the session 
table including at least one session table entry, each of the at least one session table entry 
corresponding to a specific connection between two computer systems. 
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2. The method of claim 1 , wherein the asymmetrically translating step (b) 
further includes the steps of: 

(bl) determining that the direction the packet is traveling is inbound if an exact 
match is found while searching the global address table, and determining that the direction 
the packet is traveling is outbound if the exact match is not found while searching the global 
address table. 



Ms 
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3. The method of claim 1 wherein the direction of travel can be inbound or 
outbound and wherein the asymmetrically translating step (b) further includes the steps of: 

(bl) translating the source information using the address translation table if the 

□ 

jj** packet is outbound; and 

lj (b2) translating the destination information using the session table if the packet is 

inbound. 
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4. The method of claim 1 wherein at least one global port is associated with the 
" network beyond the local network domain and at least one local port is associated with the 

local network domain connecting the first at least one computer system to the network, and 
wherein asymmetrically translating the source information and destination information in 
step (b) further includes the steps of: 
20 (b 1 ) if the full match is found, transposing the destination information with the 

source information, providing a symmetric key using transposed source and destination 
information, using the symmetric key to search a session table and then performing network 
address translation using session table data; and 
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(b2) if the full match is not found, searching the address translation table using the 
source information, performing the network address translation using address translation 
table data, providing the symmetric key from translated source parameters, and using the 
symmetric key to search the session table. 



5. The method of claim 1 further including the steps of: 

(cl) utilizing the symmetric key to access an entry for the session in the session 

table. 



6. The method of claim 5 wherein the session table has a single entry per 
session. 



7. The method of claim 1 wherein the first at least one computer system is a 

server. 



8. The method of claim 6, wherein the server is partitioned into multiple logical 
servers, each of which has a different global network address. 

9. The method of claim 1 wherein at least one global port is associated with the 
network beyond the local network domain, and at least one local port is associated with the 
local network domain connecting the first at least on computers system to the network and 
wherein asymmetrically translating the source information and destination information in 
step (b) further includes the steps of: 
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(bl) if the full match is found, providing a symmetric key using a symmetric 
function, using the symmetric key to search a session table and then performing network 
address translation using session table data; and 

(b2) if the full match is not found, searching the address translation table using the 
source information, performing the network adclress translation using address translation 
table data, providing the symmetric key using the symmetric function and using the 
symmetric key from translated source parameters to search the session table. 

10. A system for performing network address translations for a session in a 
network, the network including at least one local network domain, the local network domain 
including at least one computer system, each of the at least one computer system having a 
local address and being associated with a global address, the session exchanging a plurality 
of packets that travel to and from a second at least one computer system within the network, 
each of the second at least one computer system being connected to the network outside of 
the local network domain, each of the plurality of packets including source information and 
destination information, the system comprising: 

a memory for storing an address translation table, a global address table and a session 
table, the address translation table including at least one entry, the address translation table 
including at least one entry, each of the at least one entry corresponding to the local address 
for a first corresponding computer system within the at least one local network domain of 
the network, the session table including at least one session table entry, each of the at least 
one session table entry corresponding to a specific connection between two computer 
systems, the global address table including at least one entry, each of the at least one entry 
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corresponding to the global address for a first at least one corresponding computer system; 
and 

a processor for searching the global address table for a full match of a key for each of 
the plurality of packets, the key being provided using a portion of the source destination 
information, the processor also for asymmetrically translating the source information and 
destination information for each of the plurality of packets using the address translation table 
or a session table based on a direction the packet is traveling. 

1 1 . The system of claim 1 0, wherein the processor asymmetrically translates the 
source information by determining that the direction the packet is traveling is inbound if an 
exact match is found while searching the global address table, and determining that the 
direction the packet is traveling is outbound if the exact match is not found while searching 
the global address table. 

12. The method of claim 1 wherein the direction of travel can be inbound or 
outbound and wherein the processor asymmetrically translates the source information by 
translating the source information using the address translation table if the packet is 
outbound and translates the destination information using the session table if the packet is 
inbound. 

1 3 . The system of claim 1 1 wherein the computer system wherein the session 
table is indexed using the symmetric key and wherein the processor identifies the session 
utilizing the symmetric key to access an entry for the session in the session. 
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14. The system of claim 1 3 wherein the session table has a single entry per 

session. 

15. The system of claim 10 wherein at least one global port is associated with the 
network beyond the local network domain and at least one local port is associated with the 
local network domain connecting the first at least one computer system to the network, and 
wherein if the foil match is found, the processor provides a symmetric key using a symmetric 
function, uses the symmetric key to search a session table and then performs network 
address translation using session table data; and 

wherein if the foil match is not found, the processor searches the address translation 
table using the source information, performs the network address translation using address 
translation table data, provides the symmetric key from translated source parameters, and 
uses the symmetric key to search the session table. 

1 6 The system of claim 1 0 wherein the first at least one computer system is a 

server. 

17. The system of claim 16, wherein the server is partitioned into multiple logical 
servers, each of which has a different global network address. 

18. A computer-readable medium containing a program for performing network 
address translations for a session in a network, the network including at least one local 
network domain, the local network domain including at least one computer system, each of 
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the at least one computer system having a local address and being associated with a global 
address, the session exchanging a plurality of packets that travel to and from a second at 
least one computer system within the network, each of the second at least one computer 
system being connected to the network outside of the local network domain, each of the 
plurality of packets including source information and destination information, the program 
including instructions for: 

(a) searching a global address table for a match of a key for each of the plurality 
of packets to determine a direction of travel for each of the plurality of packets, the key 
being provided using a portion of the destination information, the global address table 
including at least one entry, each of the at least one entry corresponding to the global address 
for a first corresponding computer system; and 

(b) asymmetrically translating the source information and destination information 
for each of the plurality of packets using an address translation table or session table based 
on a direction the packet is traveling, the address translation table including at least one 
entry, each of the at least one entry corresponding to the local address for a first 
corresponding computer system within the at least one local network domain of the network, 
the session table including at least one entry, each of the at least one entry corresponding to a 
specific connection between two computer systems. 

19. The computer-readable medium of claim 18, wherein the asymmetrically 
translating instructions (b) further includes instructions for: 

(bl) determining that the direction the packet is traveling is inbound if an exact 
match is found while searching the global address table, and determining that the direction 
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the packet is traveling is outbound if the exact match is not found while searching the global 
address table. 

20. The computer-readable medium of claim 1 8 wherein the direction of travel 
can be inbound or outbound and wherein the asymmetrically translating instructions (b) 
further includes instructions for: 

(bl) translating the source information using the address translation table if the 
packet is outbound; and 

(b2) translating the destination information using the session table if the packet is 
inbound. 

21 . The computer-readable medium of claim 1 8 wherein at least one global port 
is associated with the network beyond the local network domain and at least one local port is 
associated with the local network domain connecting the first at least one computer system 
to the network, and wherein asymmetrically translating the source information and 
destination information in instructions (b) further includes instructions for: 

(bl) if the full match is found, transposing the destination information with the 
source information, providing a symmetric key using transposed source and destination 
information, using the symmetric key to search a session table and then performing network 
address translation using session table data; and 

(b2) if the full match is not found, searching the address translation table using the 
source information, performing the network address translation using address translation 
table data, providing the symmetric key from translated source parameters, and using the 
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symmetric key to search the session table. 

22. The computer-readable medium of claim 1 8 wherein the program further 
includes instructions for: 

(c) utilizing the symmetric key to access an entry for the session in the session 

table. 

23. The computer-readable medium of claim 22 wherein the session table has a 
single entry per session. 

24. The computer-readable medium of claim 1 8 wherein the first at least one 
computer system is a server. 

25. The computer-readable medium of claim 24, wherein the server is partitioned 
into multiple logical servers, each of which has a different global network address. 

26. The computer-readable medium of claim 1 8 wherein at least one global port 
is associated with the network beyond the local network domain, and at least one local port 
is associated with the local network domain connecting the first at least on computers system 
to the network and wherein asymmetrically translating the source information and 
destination information in instructions (b) further includes instructions for: 

(bl) if the full match is found, providing a symmetric key using a symmetric 
function, using the symmetric key to search a session table and then performing network 
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address translation using session table data; and 

(b2) if the full match is not found, searching the address translation table using the 
source information, performing the network address translation using address translation 
table data, providing the symmetric key using the symmetric function and using the 
symmetric key from translated source parameters to search the session table. 
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